Overview of Progent's Ransomware Forensics and Reporting in St. Louis
Progent's ransomware forensics experts can preserve the system state after a ransomware attack and carry out a comprehensive forensics investigation without interfering with the processes required for operational continuity and data restoration. Your St. Louis business can utilize Progent's forensics report to counter subsequent ransomware attacks, assist in the cleanup of encrypted data, and meet insurance carrier and regulatory reporting requirements.
Ransomware forensics investigation is aimed at determining and documenting the ransomware assault's progress throughout the targeted network from start to finish. This audit trail of how a ransomware attack progressed within the network helps you to assess the impact and highlights vulnerabilities in policies or processes that need to be rectified to prevent later break-ins. Forensics is usually assigned a top priority by the insurance provider and is typically mandated by government and industry regulations. Because forensic analysis can take time, it is vital that other important activities like operational resumption are pursued in parallel. Progent has an extensive team of information technology and cybersecurity professionals with the skills needed to carry out activities for containment, operational resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics analysis is arduous and calls for close cooperation with the groups focused on file restoration and, if necessary, payment negotiation with the ransomware hacker. Ransomware forensics typically requires reviewing logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to look for changes.
Activities involved with forensics investigation include:
- Disconnect all potentially affected devices from the network without shutting them off. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and setting up 2FA to secure your backups.
- Create forensically complete duplicates of all exposed devices so the file restoration team can proceed
- Save firewall, virtual private network, and other key logs as soon as feasible
- Identify the variety of ransomware involved in the assault
- Survey each machine and storage device on the network as well as cloud storage for indications of compromise
- Catalog all compromised devices
- Determine the type of ransomware involved in the attack
- Study logs and sessions to determine the timeline of the ransomware assault and to spot any potential lateral movement from the originally infected system
- Understand the attack vectors exploited to perpetrate the ransomware assault
- Search for new executables associated with the original encrypted files or network compromise
- Parse Outlook web archives
- Examine email attachments
- Extract URLs from messages and check whether they are malicious
- Provide comprehensive attack reporting to meet your insurance and compliance requirements
- List recommendations to shore up cybersecurity vulnerabilities and improve processes that lower the exposure to a future ransomware breach
Progent has delivered remote and on-premises IT services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technology platforms including Cisco infrastructure, VMware, and popular Linux distros. Progent's data security experts have earned internationally recognized certifications including CISM, CISSP, and GIAC. Progent also offers guidance on financial and Enterprise Resource Planning software. This breadth of skills allows Progent to identify and consolidate the surviving parts of your IT environment after a ransomware intrusion and reconstruct them quickly into an operational network. Progent has worked with leading insurance carriers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Services in St. Louis
To find out more about ways Progent can assist your St. Louis business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.